More than 30 MMORPG companies targeted in ongoing malware attack

In at least two cases, malware was planted on update servers and spread to fans.

Researchers have uncovered an ongoing cyberespionage campaign targeting more than 30 online video game companies over the past four years.

The companies infected by the malware primarily market so-called massively multiplayer online role-playing games. They're mostly located in Southeast Asia, but are also in the US, Germany, Japan, China, Russia, Brazil, Peru, and Belarus, according to a release published Thursday by researchers from antivirus provider Kaspersky Lab. The attackers work from computers with Chinese and Korean language configurations. They used their unauthorized access to obtain digital certificates that were later exploited in malware campaigns targeting other industries and political activists.

So far, there's no evidence that customers of the infected game companies were targeted, although in at least one case, malicious code was accidentally installed on gamers' computers by one of the infected victim companies. Kaspersky said there was another case of end users being infected by the malware, which is known as "Winnti." The company didn't rule out the possibility that players could be hit in the future, potentially as a result of collateral damage.

"Having infected gaming companies that do business in MMORPG, the attackers potentially get access to millions of users," the researchers wrote. "So far we don't have data that the attackers stole from common users but we do have at least two incidents when Winnti malware had been planted on an online game update server and [this] malicious executable was spread among large number of the game fans. The samples we have observed seemed not to be malware targeted for the game fans but a malware module which accidentally got into [the] wrong place. But a potential of attackers to misuse such access to infect hundreds of millions of Internet users creates a great risk."

In addition to stealing digital certificates, the Winnti gang's campaign appears to be motivated by the desire to manipulate in-game currency, such as "runes" or "gold," that can in many cases be converted into real currency. The attackers may also want to use source code stolen from the game companies so it can be deployed in rogue servers offering pirated versions of the games.
